Hey, I recently reinstalled my system which ended up with me having to also reinstall GRUB (UEFI things...).I've managed to set it all up but the problem is that now my /boot partition is encrypted meaning I have to enter the decryption password twice (once for grub and once for the kernel).

This is the layout I want:/dev/sda1 -> /boot (not encrypted)/dev/sda2 -> LVM (encrypted)

However, when I try to run grub-install it throws and error saying that the drive is encrypted and that I have to enable encryption in the /etc/default/grub file.

Here's what I think is happening:The debian guide to install grub says I should mount /dev/sda1 to /boot/efi and then run grub-install /dev/sda.I'm not sure if grub-install then finds an encrypted LVM on the same drive and therefore thinks the whole drive should be encrypted, or if its due to the fact that /boot/efi is "inside" the encrypted lvm since / is encrypted.

I do not see an EFI system partition ("UEFI things" you mentionned).Is sda1 a regular /boot partition or is it an EFI system partition ?An EFI system partition has the special type "EFI system", formated as FAT and contains a directory "EFI" containing EFI executable files *.efi. It is usually mounted on /boot/efi as expected by GRUB but some systemd people suggest it should be mounted on /boot.

Can we see the output of the following commands to get a better picture of your setup ?

Dronar wrote:The debian guide to install grub says I should mount /dev/sda1 to /boot/efi and then run grub-install /dev/sda.

If you're installing GRUB in EFI mode then you do not specify any boot device to grub-install, because GRUB EFI does not install any boot image in an MBR or PBR. It installs the core image as a regular .efi file in the EFI system partition mounted on /boot/efi.

Dronar wrote:I'm not sure if grub-install then finds an encrypted LVM on the same drive and therefore thinks the whole drive should be encrypted, or if its due to the fact that /boot/efi is "inside" the encrypted lvm since / is encrypted.

If a EFI partition is mounted on /boot/efi, /boot/efi contents comes from that partition and is not "inside" the encrypted LVM. But /boot/efi is not /boot : the rest of /boot is in the encrypted LVM if you do not mount another regular partition on /boot (aka /boot partition).